Tracking suspect activity with logs
Linux and our web applications store the details of processed actions in log files, and we use these to track anything from server performance to visitors and vulnerabilities.
For our purpose, we are interested primarily in the access log. It records every web request from client to server, whether it succeeded or failed, and so helps us trace malicious activity and isolate site or server weaknesses which we can then secure.
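One way to triage a downloaded access log for the failed-request pattern described above, as an added example and not code from the original article: it parses the combined log format that cPanel's raw access logs use, accepts the .gz downloads directly, and lists client IPs whose failed (4xx/5xx) requests reach a threshold. The log lines are constructed samples, and the threshold of three is an assumed starting point, not a figure from the article.

```python
import gzip
import re
from collections import defaultdict

# Apache/cPanel "combined" log format: client IP, identity, user, [timestamp],
# "request line", status, bytes, "referer", "user agent".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (not captured traffic); 203.0.113.x / 198.51.100.x are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-login.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /old/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /about.html HTTP/1.1" 200 3010 "https://example.com/" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /missing.png HTTP/1.1" 404 210 "https://example.com/about.html" "Mozilla/5.0"
this line is not in the expected format
"""

def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records

def read_log_file(path):
    """Read a plain or .gz access log (cPanel's Raw Access Logs download as .gz)."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        return parse_log(fh.read())

def suspect_clients(records, min_errors=3):
    """Group by client IP and report IPs whose failed (4xx/5xx) requests reach min_errors."""
    per_ip = defaultdict(lambda: {"requests": 0, "errors": 0, "error_paths": []})
    for rec in records:
        stats = per_ip[rec["ip"]]
        stats["requests"] += 1
        if rec["status"] >= 400:
            stats["errors"] += 1
            stats["error_paths"].append(rec["path"])
    return {ip: s for ip, s in per_ip.items() if s["errors"] >= min_errors}
```

Run `suspect_clients(read_log_file("access.log.gz"))` on a downloaded log; a single visitor hitting one missing image is normal, while one client collecting many 404s across unrelated paths is worth a closer look.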
Checking the access log varies between web hosts. On shared hosting, most commonly using cPanel, there is a panel area called Logs, so start there. To scrutinize recent activity, click on Latest Visitors, then click through to your site. Historical records, on the other hand, often need to be enabled: again in cPanel, click the dashboard's Raw Access Logs icon, check the boxes as shown here, and click Save:
From now on, you can download these logs, in compressed .gz format, from the Raw Access Logs page. Windows...